Configure Email Authentication Settings for SPF and DKIM

Configure email authentication settings for SPF and DKIM for integrations. Apply these settings to your domain, then verify their configuration.

A simple yet effective way to validate emails, avoid spoofing, and reduce fraud attacks is configuring SPF and DKIM. Depending on email infra security, you may need to configure SPF and DKIM.
  • Sender Policy Framework (SPF) lets domain owners identify servers they have approved to send emails on behalf of their domain. In Oracle Integration's case, domain owners need to approve OCI as an approve sender and to add a record for it in their domain.
  • DomainKeys Identified Mail (DKIM) authenticates emails through a pair of cryptographic keys: a public key published in a Domain Name System TXT record, and a private key encrypted in a signature affixed to outgoing messages. The keys are generated by the email service provider.

Follow these steps to configure settings for SPF and DKIM. Also see An Advanced Guide to OIC Notification via Emails.

  1. Configure SPF (Sender Policy Framework).

    Add an SPF record to the domain of the from address to include the Oracle Cloud Infrastructure email delivery domain.

    Use the format below for the SPF record. The SPF record must identify the continent key of the Oracle Integration instance, as shown in the examples below.

    v=spf1 include:<continentkey> ~all

    Sending Region Example SPF Format


    v=spf1 ~all


    v=spf1 ~all


    v=spf1 ~all

    All Commercial Regions

    v=spf1 ~all

    In earlier Oracle Integration instances, sender verification was supported by adding the standard record to the domain of the from address.
  2. Configure DKIM (DomainKeys Identified Mail).

    To configure DKIM keys for Oracle Integration 3 instances, please log a Service Request in My Oracle Support. Include the following details:

    • selector name

    • key size

    • from address that will be used to send emails

    Oracle provides you with the details to add the CNAME DNS record for your domain. The instructions to add the DNS record depend on your domain provider. The CNAME contains the location of the public key.

    For example, for a selector name of me-yyz-20200502, a sending domain of, and an email region code of yyz, the CNAME looks like this: IN CNAME

    Once the DNS is updated, update the service request, and Oracle will activate the DKIM settings for your domain.

  3. In Oracle Integration, configure approved senders and confirm SPF and DKIM configuration.
    1. In the navigation pane, click Settings, then Notifications. The Notifications screen is displayed.
    2. In the Senders section, click Add Email Address to add approved senders, and complete the following fields.
      Field Description
      Email Address

      Enter your domain email address as the from address. You must set SPF and DKIM if using your own domain email address.

      Approval Status

      Either Approved or Not Approved, indicating email address approval.

      Email address approval is based on your version of Oracle Integration. In Oracle Integration, a verification email is sent. You must click the verification link you receive in the email. Upon successful verification, status is changed to Approved. In Oracle Integration 3, the email is automatically approved when you add the email ID.

      SPF Status

      This field verifies configuration for the Sender Policy Framework (SPF) for the sender email addresses. The status should be Configured.

      Confirm DKIM

      Check this field to confirm DKIM configuration for the sender.
    3. Click Save.

For information about email notifications in integrations, see Sending Service Failure Alerts, System Status Reports, and Integration Error Reports by Notification Emails in Using Integrations in Oracle Integration 3. Also see Send Notification Emails During Stages of the Integration with a Notification Action in Using Integrations in Oracle Integration 3.